Client Security:
Java

This tutorial shows you how to set up a Riak Java client to authenticate
itself when connecting to Riak.

If you are using trust- or PAM-based authentication, you can use the
security setup described below. Certificate-based authentication is not
yet supported in the Java client.

Note on certificate generation

This tutorial does not cover certificate generation. It assumes that all
necessary certificates have already been created and are stored in a directory
called /ssl_dir. This directory name is used only for example purposes.

Java Client Basics

When connecting to Riak using a Java-based client, you typically do so
by instantiating separate RiakNode objects for each node in your
cluster, a RiakCluster object registering those RiakNode objects,
and finally a RiakClient object that registers the general cluster
configuration. In this document, we will be working with only one node.

If you are using Riak security, all connecting clients should have
access to the same Certificate Authority (CA) used on the server side,
regardless of which security source you
choose. All clients should also provide a username, regardless of
security source. The example below sets up a single node object (we’ll
simply call it node) that connects to Riak on localhost and on port
8087 and specifies riakuser as a username. That object will be used to
create a cluster object (we’ll call it cluster), which will in turn be
used to create a client object. The setup below does not specify a CA:

This client object is not currently set up to use any of the available
security sources. This will change in the sections below.

Password-based Authentication

To enable our client to use password-based auth, we can use most of the
setup from the example above, with the exception that we will specify a
password for the client in the withAuth method in the node object’s
constructor rather than leaving it as null. We will also pass a
KeyStore object into that method.